forked from mmumshad/kubernetes-the-hard-way
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f9486b0
commit 4ca7c45
Showing
29 changed files
with
2,142 additions
and
1,946 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,47 +1,39 @@ | ||
| # Kubernetes The Hard Way | ||
|
|
||
| This tutorial will walk you through setting up Kubernetes the hard way. This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. If that's you then check out [Google Container Engine](https://cloud.google.com/container-engine), or the [Getting Started Guides](http://kubernetes.io/docs/getting-started-guides/). | ||
| This tutorial walks you through setting up Kubernetes the hard way. This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. If that's you then check out [Google Container Engine](https://cloud.google.com/container-engine), or the [Getting Started Guides](http://kubernetes.io/docs/getting-started-guides/). | ||
|
|
||
| This tutorial is optimized for learning, which means taking the long route to help people understand each task required to bootstrap a Kubernetes cluster. This tutorial requires access to [Google Compute Engine](https://cloud.google.com/compute). | ||
| Kubernetes The Hard Way is optimized for learning, which means taking the long route to ensure you understand each task required to bootstrap a Kubernetes cluster. | ||
|
|
||
| > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that prevent you from learning! | ||
| > The results of this tutorial should not be viewed as production ready, and may receive limited support from the community, but don't let that stop you from learning! | ||
| ## Target Audience | ||
|
|
||
| The target audience for this tutorial is someone planning to support a production Kubernetes cluster and wants to understand how everything fits together. After completing this tutorial I encourage you to automate away the manual steps presented in this guide. | ||
| The target audience for this tutorial is someone planning to support a production Kubernetes cluster and wants to understand how everything fits together. | ||
|
|
||
| ## Cluster Details | ||
|
|
||
| * Kubernetes 1.7.0 | ||
| * Docker 1.12.6 | ||
| * etcd 3.1.4 | ||
| * [CNI Based Networking](https://github.com/containernetworking/cni) | ||
| * Secure communication between all components (etcd, control plane, workers) | ||
| * Default Service Account and Secrets | ||
| * [RBAC authorization enabled](https://kubernetes.io/docs/admin/authorization) | ||
| * [TLS client certificate bootstrapping for kubelets](https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping) | ||
| * DNS add-on | ||
| Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication. | ||
|
|
||
| ### What's Missing | ||
|
|
||
| The resulting cluster will be missing the following features: | ||
|
|
||
| * Cloud Provider Integration | ||
| * [Logging](https://kubernetes.io/docs/concepts/cluster-administration/logging/) | ||
| * [Cluster add-ons](https://github.com/kubernetes/kubernetes/tree/master/cluster/addons) | ||
| * [Kubernetes](https://github.com/kubernetes/kubernetes) 1.7.4 | ||
| * [CRI-O Container Runtime](https://github.com/kubernetes-incubator/cri-o) v1.0.0-beta.0 | ||
| * [CNI Container Networking](https://github.com/containernetworking/cni) v0.6.0 | ||
| * [etcd](https://github.com/coreos/etcd) 3.2.6 | ||
|
|
||
| ## Labs | ||
|
|
||
| This tutorial assumes you have access to [Google Cloud Platform](https://cloud.google.com) and the [Google Cloud SDK](https://cloud.google.com/sdk/)(148.0.0+). While GCP is used for basic infrastructure needs the things learned in this tutorial can be applied to every platform. | ||
|
|
||
| * [Cloud Infrastructure Provisioning](docs/01-infrastructure-gcp.md) | ||
| * [Setting up a CA and TLS Cert Generation](docs/02-certificate-authority.md) | ||
| * [Setting up TLS Client Bootstrap and RBAC Authentication](docs/03-auth-configs.md) | ||
| * [Bootstrapping a H/A etcd cluster](docs/04-etcd.md) | ||
| * [Bootstrapping a H/A Kubernetes Control Plane](docs/05-kubernetes-controller.md) | ||
| * [Bootstrapping Kubernetes Workers](docs/06-kubernetes-worker.md) | ||
| * [Configuring the Kubernetes Client - Remote Access](docs/07-kubectl.md) | ||
| * [Managing the Container Network Routes](docs/08-network.md) | ||
| * [Deploying the Cluster DNS Add-on](docs/09-dns-addon.md) | ||
| * [Smoke Test](docs/10-smoke-test.md) | ||
| * [Cleaning Up](docs/11-cleanup.md) | ||
| This tutorial assumes you have access to the [Google Cloud Platform](https://cloud.google.com). While GCP is used for basic infrastructure requirements the lessons learned in this tutorial can be applied to other platforms. | ||
|
|
||
| * [Prerequisites](docs/01-prerequisites.md) | ||
| * [Installing the Client Tools](docs/02-client-tools.md) | ||
| * [Provisioning Compute Resources](docs/03-compute-resources.md) | ||
| * [Provisioning the CA and Generating TLS Certificates](docs/04-certificate-authority.md) | ||
| * [Generating Kubernetes Configuration Files for Authentication](docs/05-kubernetes-configuration-files.md) | ||
| * [Generating the Data Encryption Config and Key](docs/06-data-encryption-keys.md) | ||
| * [Bootstrapping the etcd Cluster](docs/07-bootstrapping-etcd.md) | ||
| * [Bootstrapping the Kubernetes Control Plane](docs/08-bootstrapping-kubernetes-controllers.md) | ||
| * [Bootstrapping the Kubernetes Worker Nodes](docs/09-bootstrapping-kubernetes-workers.md) | ||
| * [Configuring kubectl for Remote Access](docs/10-configuring-kubectl.md) | ||
| * [Provisioning Pod Network Routes](docs/11-pod-network-routes.md) | ||
| * [Deploying the DNS Cluster Add-on](docs/12-dns-addon.md) | ||
| * [Smoke Test](docs/13-smoke-test.md) | ||
| * [Cleaning Up](docs/14-cleanup.md) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,192 @@ | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: kube-dns | ||
| namespace: kube-system | ||
| --- | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: kube-dns | ||
| namespace: kube-system | ||
| labels: | ||
| addonmanager.kubernetes.io/mode: EnsureExists | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: kube-dns | ||
| namespace: kube-system | ||
| labels: | ||
| k8s-app: kube-dns | ||
| kubernetes.io/cluster-service: "true" | ||
| kubernetes.io/name: "KubeDNS" | ||
| spec: | ||
| clusterIP: 10.32.0.10 | ||
| ports: | ||
| - name: dns | ||
| port: 53 | ||
| protocol: UDP | ||
| targetPort: 53 | ||
| - name: dns-tcp | ||
| port: 53 | ||
| protocol: TCP | ||
| targetPort: 53 | ||
| selector: | ||
| k8s-app: kube-dns | ||
| sessionAffinity: None | ||
| type: ClusterIP | ||
| --- | ||
| apiVersion: extensions/v1beta1 | ||
| kind: Deployment | ||
| metadata: | ||
| labels: | ||
| k8s-app: kube-dns | ||
| kubernetes.io/cluster-service: "true" | ||
| name: kube-dns | ||
| namespace: kube-system | ||
| spec: | ||
| replicas: 2 | ||
| selector: | ||
| matchLabels: | ||
| k8s-app: kube-dns | ||
| strategy: | ||
| rollingUpdate: | ||
| maxSurge: 10% | ||
| maxUnavailable: 0 | ||
| type: RollingUpdate | ||
| template: | ||
| metadata: | ||
| annotations: | ||
| scheduler.alpha.kubernetes.io/critical-pod: "" | ||
| creationTimestamp: null | ||
| labels: | ||
| k8s-app: kube-dns | ||
| spec: | ||
| containers: | ||
| - name: kubedns | ||
| image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.4 | ||
| env: | ||
| - name: PROMETHEUS_PORT | ||
| value: "10055" | ||
| args: | ||
| - --domain=cluster.local. | ||
| - --dns-port=10053 | ||
| - --config-dir=/kube-dns-config | ||
| - --v=2 | ||
| livenessProbe: | ||
| failureThreshold: 5 | ||
| httpGet: | ||
| path: /healthcheck/kubedns | ||
| port: 10054 | ||
| scheme: HTTP | ||
| initialDelaySeconds: 60 | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 5 | ||
| ports: | ||
| - name: dns-local | ||
| containerPort: 10053 | ||
| protocol: UDP | ||
| - name: dns-tcp-local | ||
| containerPort: 10053 | ||
| protocol: TCP | ||
| - name: metrics | ||
| containerPort: 10055 | ||
| protocol: TCP | ||
| readinessProbe: | ||
| failureThreshold: 3 | ||
| httpGet: | ||
| path: /readiness | ||
| port: 8081 | ||
| scheme: HTTP | ||
| initialDelaySeconds: 3 | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 5 | ||
| resources: | ||
| limits: | ||
| memory: 170Mi | ||
| requests: | ||
| cpu: 100m | ||
| memory: 70Mi | ||
| volumeMounts: | ||
| - name: kube-dns-config | ||
| mountPath: /kube-dns-config | ||
| - name: dnsmasq | ||
| image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.4 | ||
| args: | ||
| - -v=2 | ||
| - -logtostderr | ||
| - -configDir=/etc/k8s/dns/dnsmasq-nanny | ||
| - -restartDnsmasq=true | ||
| - -- | ||
| - -k | ||
| - --cache-size=1000 | ||
| - --log-facility=- | ||
| - --server=/cluster.local/127.0.0.1#10053 | ||
| - --server=/in-addr.arpa/127.0.0.1#10053 | ||
| - --server=/ip6.arpa/127.0.0.1#10053 | ||
| livenessProbe: | ||
| failureThreshold: 5 | ||
| httpGet: | ||
| path: /healthcheck/dnsmasq | ||
| port: 10054 | ||
| scheme: HTTP | ||
| initialDelaySeconds: 60 | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 5 | ||
| ports: | ||
| - name: dns | ||
| containerPort: 53 | ||
| protocol: UDP | ||
| - name: dns-tcp | ||
| containerPort: 53 | ||
| protocol: TCP | ||
| resources: | ||
| requests: | ||
| cpu: 150m | ||
| memory: 20Mi | ||
| volumeMounts: | ||
| - name: kube-dns-config | ||
| mountPath: /etc/k8s/dns/dnsmasq-nanny | ||
| - name: sidecar | ||
| image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.4 | ||
| args: | ||
| - --v=2 | ||
| - --logtostderr | ||
| - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A | ||
| - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A | ||
| livenessProbe: | ||
| failureThreshold: 5 | ||
| httpGet: | ||
| path: /metrics | ||
| port: 10054 | ||
| scheme: HTTP | ||
| initialDelaySeconds: 60 | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 5 | ||
| ports: | ||
| - name: metrics | ||
| containerPort: 10054 | ||
| protocol: TCP | ||
| resources: | ||
| requests: | ||
| cpu: 10m | ||
| memory: 20Mi | ||
| dnsPolicy: Default | ||
| restartPolicy: Always | ||
| serviceAccount: kube-dns | ||
| serviceAccountName: kube-dns | ||
| terminationGracePeriodSeconds: 30 | ||
| tolerations: | ||
| - key: CriticalAddonsOnly | ||
| operator: Exists | ||
| volumes: | ||
| - name: kube-dns-config | ||
| configMap: | ||
| defaultMode: 420 | ||
| name: kube-dns | ||
| optional: true |
Oops, something went wrong.